Azure Storage Service throws 403 forbidden error when trying to call REST API to clear queue messages

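I am trying to clear all Azure storage queue messages through the Queue Service REST API. I have verified that the code is correct, but it still returns a 403 Forbidden error. The "StorageSharedKey" and "StorageAccountName" are correct, because I am able to connect to the Azure queue using these values from the connection string of the Azure queue client. The storage version I am using is "2015-12-11".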

The code is as follows:

    internal void ClearStorageQueueMessages(string queueName)
    {
        const string requestMethod = "DELETE";
        string urlPath = $"{queueName}/messages";
        var dateInRfc1123Format = DateTime.UtcNow.ToString("R", CultureInfo.InvariantCulture);
        var canonicalizedHeaders = $"x-ms-date:{dateInRfc1123Format}\nx-ms-version:{StorageVersion}";
        var canonicalizedResource = $"/{StorageAccountName}/{urlPath}";
        var uri = new Uri($"https://{StorageAccountName}.queue.core.windows.net/{urlPath}");
        var response = MakeDeleteRestCall(uri, requestMethod, dateInRfc1123Format, canonicalizedHeaders, canonicalizedResource);
    }

    internal RestResponse MakeDeleteRestCall(Uri uri, string requestMethod, string dateInRfc1123Format, string canonicalizedHeaders,
        string canonicalizedResource)
    {
        var restResponse = new RestResponse();
        var stringToSign = $"{requestMethod}\n\n\n\n\n\n\n\n\n\n\n\n{canonicalizedHeaders}\n{canonicalizedResource}";
        var authorizationHeader = CreateAuthorizationHeader(stringToSign);

        var request = (HttpWebRequest) WebRequest.Create(uri);
        request.Method = requestMethod;
        request.Headers.Add("x-ms-date", dateInRfc1123Format);
        request.Headers.Add("x-ms-version", StorageVersion);
        request.Headers.Add("Authorization", authorizationHeader);
        //request.Accept = "application/atom+xml,application/xml";
        request.Accept = "application/json";
        //request.ContentType = "application/json";

        using (var response = (HttpWebResponse) request.GetResponse())
        {
            restResponse.StatusCode = response.StatusCode;
            var responseStream = response.GetResponseStream();
            if (responseStream == null)
                return restResponse;
            using (var reader = new StreamReader(responseStream))
            {
                restResponse.ReturnedContent = reader.ReadToEnd();
            }
        }
        return restResponse;
    }

    internal static string CreateAuthorizationHeader(string canonicalizedString)
    {
        string signature;

        using (var hmacSha256 = new HMACSHA256(Convert.FromBase64String(StorageSharedKey)))
        {
            var dataToHmac = Encoding.UTF8.GetBytes(canonicalizedString);
            signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
        }

        var authorizationHeader = string.Format(CultureInfo.InvariantCulture, "{0} {1}:{2}", StorageSharedKey,
            StorageAccountName, signature);

        return authorizationHeader;
    }

The problem seems to be related to the Authorization header. Please check the format against the documentation:

    Authorization="[SharedKey|SharedKeyLite] <AccountName>:<Signature>"

https://msdn.microsoft.com/en-us/library/azure/dd179428.aspx

Your function adds the shared key in plain text, instead of the authorization scheme "SharedKey" or "SharedKeyLite".
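
The header fix described in the answer, as an added C# example that is not part of the original question or answer. The account name, key and queue name are constructed sample values, and `IsWellFormed` is a hypothetical helper for catching a header that carries the key itself.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class SharedKeyAuthExample
{
    // Constructed sample values, not real credentials.
    const string AccountName = "exampleaccount";
    const string StorageVersion = "2015-12-11";
    static readonly string AccountKey =
        Convert.ToBase64String(Encoding.UTF8.GetBytes("constructed-demo-key-not-a-secret"));

    // Same layout as the question's code: verb, 11 empty standard header
    // fields, canonicalized headers, canonicalized resource.
    static string BuildStringToSign(string queueName, string dateRfc1123)
    {
        var headers = $"x-ms-date:{dateRfc1123}\nx-ms-version:{StorageVersion}";
        var resource = $"/{AccountName}/{queueName}/messages";
        return "DELETE" + new string('\n', 12) + headers + "\n" + resource;
    }

    // The key is only the HMAC-SHA256 key. The header carries the scheme
    // name "SharedKey", the account name and the signature.
    static string CreateAuthorizationHeader(string stringToSign)
    {
        using (var hmac = new HMACSHA256(Convert.FromBase64String(AccountKey)))
        {
            var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
            return string.Format(CultureInfo.InvariantCulture, "SharedKey {0}:{1}", AccountName, signature);
        }
    }

    // Rejects a header that embeds the account key or uses an unknown scheme.
    static bool IsWellFormed(string header)
    {
        if (header.Contains(AccountKey)) return false;
        var parts = header.Split(new[] { ' ' }, 2);
        return parts.Length == 2 && (parts[0] == "SharedKey" || parts[0] == "SharedKeyLite")
            && parts[1].StartsWith(AccountName + ":", StringComparison.Ordinal);
    }

    static void Main()
    {
        var date = DateTime.UtcNow.ToString("R", CultureInfo.InvariantCulture);
        var good = CreateAuthorizationHeader(BuildStringToSign("myqueue", date));
        var bad = $"{AccountKey} {AccountName}:sig"; // shape produced by the question's code
        Console.WriteLine($"{good}\nfixed ok: {IsWellFormed(good)}, original shape ok: {IsWellFormed(bad)}");
    }
}
```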